[SOLVED] Issues configuring guest wifi on TP-Link Archer C6 [SOLVED]

Hi there.
I previously used TP-Link WA801ND for a private wifi and a guest wifi. It worked fine. Now I got new devices: TP-Link Archer C6.
I already installed OpenWRT. I established a wifi connection.
What I want to do now is a guest wifi like on the old devices, too. I followed the instructions like I did before in the tutorial to configure guest wifi on a dumb AP.
My client device (smartphone) can connect to the private wifi and the guest wifi.
The guest wifi gives an IP address but I won't get internet access. What am I doing wrong?

What do you need?
TBH I am only configuring with LuCi.

Kind regards,

Michael

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

uci export network
uci export firewall
1 Like

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix '??????'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.178.106'
        option gateway '192.168.178.1'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '2 3 4 5 0t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '1 0t'

config interface 'guest'
        option proto 'static'
        option ipaddr '192.168.201.101'
        option netmask '255.255.255.0'

package firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option masq '1'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config rule
        option name 'Support-UDP-Traceroute'
        option src 'wan'
        option dest_port '33434:33689'
        option proto 'udp'
        option family 'ipv4'
        option target 'REJECT'
        option enabled '0'

config include
        option path '/etc/firewall.user'

config zone
        option name 'guest'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'guest'
        option masq '1'

config rule
        option name 'Guest DHCP'
        list proto 'udp'
        option src 'guest'
        option dest_port '67-68'
        option target 'ACCEPT'

config rule
        option name 'Guest DNS'
        option src 'guest'
        option dest_port '53'
        option target 'ACCEPT'

config rule
        option name 'Block Access to Private Network'
        list proto 'all'
        option src 'guest'
        option dest 'lan'
        list dest_ip '192.168.178.0/24'
        option target 'DROP'

config forwarding
        option src 'guest'
        option dest 'lan'

Add a DNS server to the dumb AP's lan interface or add an option 6 to the dhcp guest section (in /etc/config/dhcp).

1 Like

oh boy. facepalm it works.
but... do I have to think about something else? is something else need?
because now I have 2 radios, not one likeo n the TP-Link WA801ND.

there is one 802.11nac and 802.11bgn. do I have to configure the wifi 2 times?

If you need guest Wi-Fi for both 2.4 GHz and 5 GHz bands, you have to create two wifi-ifaces and attach them to the guest network interface.

Ok thx. And do I have to configure the same IP settings? Does it switch automatically from 2,4 Ghz to 5 and back?

  • LuCI/Network/Wireless - Click Add on your other radio
  • Change ESSID for example to Guest2
  • Select Network and check your current Guest network.
  • If you're using Wireless Security use your guest login credentials.
  • Save/Apply

You should see a new Guest2 wifi connection show up on your phone - Your choice if you want to use Guest or Guest2.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.